Facts about Psy

  • Hey - turns out IRC is out and something a little more modern has taken it's place... A little thing called Discord!

    Join our community @ https://discord.gg/JuaSzXBZrk for a pick-up game, or just to rekindle with fellow community members.

Status
Not open for further replies.

Basdo

<b>Lea</b><b>gue and Fo</b><b>rum Ad</b><b>ministr
Jan 7, 2002
2,451
63
Munich, GER
Since many clans are now talking about this, it’s probably a good time to lay all the facts out in public, so everyone knows.

Throughout August, there were a number of incidents with the league servers, which had quite a large impact on the league. The servers were repeatedly crashing (only during matches), with what looked like a clean application exit.

The new server administrators endeavoured to find the cause of these crashes, so Cratos built some further security and logging measures to keep track of every access to the servers.

On Sunday 15th August at 10:58am, all of the league servers were attacked and as a result, taken offline. Further diagnosis revealed that the servers had been sent into an infinite startup loop due to corruption in the settings files. All leagueserevers were involved #1, #2, #4, #5, #6, #7 and all 2v2: #2, #3, #4.

Since the server admin team, and the remaining league admin team had no access to any of the 2v2 servers, there was no way to fix these.

It was revealed that the settings were intentionally corrupted (not by cause of automation). On the 22nd of August the following facts were disclosed:
  • The servers’ settings were not corrupted via automation or via an (un)known exploit. They were intentionally corrupted via Webadmin.
  • Since all league servers, including all 2v2 server were modified (and even the new admin team didn’t have access to all of them) it seems to have been someone else with all access....
  • LeagueServer#7 logged that on Thursday (19th August) morning @ 3am someone from Spain (Madrid) connected to the server via webadmin.
  • No settings were modified during this last login session
On Friday 23rd August, servers #1, #2 and #6 logged the same Madrid based IP logging in to the League Server’s web admin and “crashing” the servers during matches. While the serveradmins were heading to fix the servers and tried their best to continue the matches, the attacker kept on crashing them right afterwards. Most matches could not be finished that day.

Immediate action by the new administrators was taken, all League Servers were locked down and every point of access was changed.

On Saturday 24th August, every server, except Server 6 was fully locked down.

Doh and Martz helped by securing all other access points the attacker could’ve had access to (League Database, Site etc).

After 6 days (30th August), all servers were secured, proved by further logged failed attempts to access them.

At 20:24 (UK time) on 30th August, an unexpected guest arrived in IRC:

[20:24] •• Psy has joined: #[channel]

Due to security reasons, the whole log of this conversation cannot be shown, but an unbiased stripped version of the nights log is available (see attached).

To sum up the conversation held on 30th-31st August, Psy (who’s IP matched that which was being logged as attacking the servers) was asked if he knew anything about the attacks.

Various logs were used as evidence; yet Psy remained adamant that he had nothing to do with the numerous attacks the league servers endured.

He claimed that his PC had been left on throughout the time he was “away”, and that it had no anti-virus OR firewall active.

He also stated that all the league passwords and details were readily viewable from his desktop.

Now, if he is indeed correct, and the above allegations cannot be placed solely on him, then it was his negligence that lead to these attacks, of which he is 100% guilty.

Unfortunately, this wasn’t the end of things. Now "the attacker" had no further access to the servers directly, they decided to attack the benign services that kept the league running; first, the league site, and then the Server Setup System.

An unused defunct FTP account to the league site suddenly appeared in the logs on Thursday 2nd September. Many league files were altered / replaced with much older versions, rendering the entire league site inoperable.

The new ip that appeared in the latest logs was from a Madrid based University; not from Psy's ip. However previous days to this, the ftp username and password were tested from his IP address which we repeatidly logged. A day later the same user/pass details were used from the Madrid University and the damage was done.

Martz / doh quickly recovered a backup of the site and ensured further access could not be gained.

Psy returned to IRC once more, on the 3rd of september (see logs attached); but still denied trying to access the servers.

On Monday 6th September (exact time unknown, but roughly estimated to be between midday and 19:00) the setup system completely failed. Immediate action was taken, and on Tuesday morning, both Martz and Timo began diagnosing the possible cause.

It was proved that the majority of the setup system code had been altered, in a similar way to the league site, to remove all event logging and alerts, also to send it into an infinite loop (presumably in the intention of crashing the entire system). The other core files used in the setup system were also altered beyond repair & recovery.

Currently work is being done on construction of a new, more secure setup system, which will be hosted in conjunction with the league site, but due to the vast amount of damage caused on the old setup system, this is having to be rewritten completely.

Please be patient during this recovery time, the server administrators will be doing their best to manually run the servers uninterrupted until the new system is in place.

Many Thanks,


utassault.net Staff

(IRC Log pt 1-3 attached).
 

Attachments

  • psy.returned.20040830.log.txt
    42 KB · Views: 492
  • psy.returned.20040831.log.txt
    4.9 KB · Views: 325
  • psy.returned.20040903.log.txt
    1.6 KB · Views: 312
What to say...

Probably not much point in moaning about Douchebag's actions - it has been annoying having war after war ruined by server problems, and that's even worse knowing that it wasn't some code f**ing up, but a deliberate action... I had bad blood with Psy in the past, but I didn't think he would stoop to this kind of thing :nono:

I'm sure there will be flaming, but I'd just like to say that I think the new admin team have been doing a bloody good job so far - and I hope that you will have the complete support of the league as we go forward. (I'm also chuffed to see that having a larger number of admins seems to be helping nicely! From the time Mughi spent as an admin it was pretty damn obvious that it's too big a job for just a couple of people)

W.

Edit by bas: had to delete a part of your post Ian soz
 
Last edited by a moderator:
Shame he would go this low, but a new begginning and lesson's learned hopefully no more crashed servers and better league games :)
 
  • Like
Reactions: X-Bomb and Riv
I think it would be a good step to ban his moderator-empowered forum account if you've not already done so.
 
Last edited by a moderator:
You fools should have listened to me.
Good to see he gives me bullshit about stopping my cup while he's doing this.
Happy? :!ola:
 
Last edited:
heard rumours a while ago but didnt realy thought he would go so far :S
Well done admins (the real ones)

EDIT: clap clap miner surely knows how to become popular:S starting with u fools is always a good way to present yaself... :boozer:
 
  • Like
Reactions: masterrr
Miner said:
You fools should have listened to me.
Good to see he gives me bullshit about stopping my cup while he's doing this.
But then again, looks like we can never get any decent admins around here.....

Admins we have atm are doing a fine job imo, just because a decision goes against you doesnt mean they r not decent admins ;)
 
I have heard from a very few incidents similar to this way of things during his active admin time and I do admit I was and am now (due to reading this thread) as shocked as most of you other guys. Ive spent over a year with Psy as an admin, we had conversations over hours and days, and I am to a certain degree surprised by his actions. It's very sad that this online community has the power to drive someone this mad to do such stuff, even tho I realise there must be some sort of issue so that he could have even considered performing these actions. At the same time, I have seen each and every letter of constant (personal) attacks, physical threats etc. again him just because of a lost online game. So I can vaguely follow his course of thoughts now (and nearly all of you guys cant argue about this because youve not seen the adminside of any topics).
As much as I have to agree on the actions taken against him because he was simply out of order (seriously fucked up, his described actions were), I would also like to use this post as an opportunity to thank Psy (Im sure he is going to read forums at one point) for all the hours and nights he has spent with working and improving this league and has kept it running nearly all by himself for most of the ~ 1 year I worked with him - until it came to the "turning point" from where it all went downhill. But actively I only experienced the first part of that, so I cant comment on anything afterwards. Its a shame it has come to this end now but I guess it had to be done.

I would also love to see this thread not degenerate into "I knew it from the start hes a shithead fucker" posts, reasons are obvious above. And Miner, your last line there is seriously out of order as well IMO. Theres no such thing as a "bad" admin in this league IMO, they all devote themselves to the job and spend their free time on it with no reward whatsoever.
There may be better and worse admins in relations to each other, granted, but no admin is "bad" basically.
Exceptions support the rule, as always. :|
 
Last edited:
Okay, but why are you posting such stuff here? Bas had already edited 2 people's posts. The things they wrote where very straight forward and logical consequences possible if psy has in fact intentionally done what you are posting.

I knew the server crashing was dodgy for some time, i had my own thoughts on this. But i cant possibly see how bringing this to the public will help the security cause in anyway.

If in fact it wasnt psy and another member of this league, then its quite obviouse now that the admins are on the case.

Which ultimatly makes psy guilty as charged?

Not just me wondering why this has been made public, was discussing this on IRC with a couple of people.

But as its already here i have 2 questions;

1. Why would psy, over a year of admining, doing ALOT of work. Then suddenly decide to fuck up the servers and everything else only to then come and say his life should be returning to normal and return to his 'duties'? This to be doesnt make sense, only a lunatic would do that.

2. I knew psy quite well, at least i thought, he broke off contact with me and alot of us. When we spoke alot, even planning on meeting up during the holidays. He mentioned how he thought the league would die without all the work he would do. The only motive i could see of him doing this intentionally is that, he saw that the new admins are doing a GOOD job. So he decided to spice things up a bit.

Either way, im glad the admins are doing something regarding the security but perhaps this shouldnt have been made as publically aware as it has been. As humph pointed out some people are going to enjoy this thread for the fun of flames and conspiracy theories that are gonna come up, rather than the more important issue of security to the league.
A email (which had been done by admin team) to clan server owners and to clan league representatives might have been a more secure approach.

But anyway keep up the good work,

Mc
 
he did more for the league than you can imagine Humph. Neph is absolutely right, people here never got to see the "adminside of any topics" and a lot of flames just went way too far in the past. It's certainly not right only to flame Psy now, cause the reason for this lies in LOADS of flames over the past months and I think a lot of people here have to think about this a bit.
 
  • Like
Reactions: Urgamanix
Status
Not open for further replies.